xworm | 1984c942f8518f3095bba7b410feeb4dc85192175be753e1d54a418481944312 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

KingzNukr.exe

windows10-2004-x64

Sharing

General

Target

KingzNukr.exe
Size

8.1MB
Sample

250301-azbveatwcv
MD5

d8938e38e19f826433a8cb609489821b
SHA1

891dc57fc9c08e0416f4e1cf789e52543dad9bd5
SHA256

1984c942f8518f3095bba7b410feeb4dc85192175be753e1d54a418481944312
SHA512

2d753ed24f92d6dbc81f164d17f98c02f9c2bb9018efbffde22666a6a762f231072a6da69ec62b26c21225d486c9c8ff5a2c72a5308c77be7055c460df06c88f
SSDEEP

196608:H5m8RkdIlenXMCHGLLc54i1wN+VrRRu7NtbFRKnZMZDo0mhcTNYlBnTNY:ZmNKEnXMCHWUjtrRQ7XbFsn6ZEDfN

Score

10^/10

xworm execution pyinstaller rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

KingzNukr.exe

Resource

win10v2004-20250217-en

xworm execution rat trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Attributes

Install_directory
%AppData%
install_file
HostProcess.exe
pastebin_url
https://pastebin.com/raw/qgLLv6rU

Targets

- Target
  
  KingzNukr.exe
- Size
  
  8.1MB
- MD5
  
  d8938e38e19f826433a8cb609489821b
- SHA1
  
  891dc57fc9c08e0416f4e1cf789e52543dad9bd5
- SHA256
  
  1984c942f8518f3095bba7b410feeb4dc85192175be753e1d54a418481944312
- SHA512
  
  2d753ed24f92d6dbc81f164d17f98c02f9c2bb9018efbffde22666a6a762f231072a6da69ec62b26c21225d486c9c8ff5a2c72a5308c77be7055c460df06c88f
- SSDEEP
  
  196608:H5m8RkdIlenXMCHGLLc54i1wN+VrRRu7NtbFRKnZMZDo0mhcTNYlBnTNY:ZmNKEnXMCHWUjtrRQ7XbFsn6ZEDfN
Score

10^/10

xworm execution rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormexecutionrattrojan

© 2018-2025

Terms | Privacy